cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
369
Views
20
Helpful
2
Replies
matty-boy
Beginner

Using the API for SGT workflows?

Hi,

I need to create LOADS of SGTs in DNAC for a customer. A Python script calling the API would have been quick and easy to do this, but the DNA API doesn't seem to expose the functionality I need.

Under the Policy section of the API explorer, there only seems to be Application Policy. No mention of SGTs or VNs.

Am I being blind? 

Is the thinking that we should use the ISE API directly instead (I've not played with the ISE API so don't know if this is possible)? And if so, what if we have the GBAC settings set to "Manage Group Based Access Control in Cisco DNA Center, policy UI in ISE will be read-only"? Will we be able to make changes via the ISE API?

 

Thanks in advance for any advice,

Matt.

 

Thanks,

Matt.

1 ACCEPTED SOLUTION

Accepted Solutions
Mike.Cifelli
VIP Advocate

AFAIK there are no DNAC APIs that allow you to bulk create SGTs. This would be a nice feature request since we now have the ability to rely on DNAC for full GBAC control. IMO it may not be a bad idea to rely on the ISE API to accomplish this task especially if it is a one time thing prior to flipping GBAC control to DNAC. From my understanding once you flip control to DNAC ISE then becomes read-only. Please submit a make a wish for the SGT API. I know from submitting several that Cisco is pretty responsive. HTH!

View solution in original post

2 REPLIES 2
Mike.Cifelli
VIP Advocate

AFAIK there are no DNAC APIs that allow you to bulk create SGTs. This would be a nice feature request since we now have the ability to rely on DNAC for full GBAC control. IMO it may not be a bad idea to rely on the ISE API to accomplish this task especially if it is a one time thing prior to flipping GBAC control to DNAC. From my understanding once you flip control to DNAC ISE then becomes read-only. Please submit a make a wish for the SGT API. I know from submitting several that Cisco is pretty responsive. HTH!

View solution in original post

Thanks Mike. I'll look into using the ISE API to achieve what we're after. I'll make a wish on this too. I too have made several suggestions and Cisco have actually arranged Webex meetings to discuss. Well done Cisco DNA team.

 

Cheers,

Matt.